MCTS Windows Server 2008 Command Prompt to understand the order
Once that link is established, the location where that link is referenced is called the scope of management (SOM). The scope of management basically tells the areas defined what they should pay attention to and how it affects them. Of course, multiple structures can contain multiple GPOs, and each can be linked to multiple GPOs, which can create multiple scopes of management. But by default, all users contained within the SOM will have the GPO applied to them and their children through inheritance.
A lot of administrators say that the most fun, or at least the most worrying, job in an enterprise is applying Group Policy. To do so safely, an administrator has to understand the impact of each decision. To begin with, you have to understand the order in which Group Policy is applied, which is summarized in Figure 6.1.
The order in which Group Policy is applied is as follows:
1. Local
2. Site
3. Domain
4. OU
First, Group Policy is applied locally. Every computer running Windows Server 2008 that uses Group Policy has a Group Policy object that will apply its own individual settings, which come into play before any other. Afterward, any policies that are linked to the site are applied to the individual machine. Only after both the local and site policies have been applied are the domain policies applied. Ironically enough, it’s only at the end of this process that OUs are applied.
This is for good and logical reason. The main reason OUs are applied last is that the policy is designed to go from the most localized to the least localized. Considering that OUs can spread across a wide area and contain a lot of different object types, it’s best to apply them last and only after all other policies have been applied. What makes it ironic is that most administrators spend most of their time applying GPOs to OUs!
Keep in mind that although this is how Group Policy is applied, there is a default precedence regarding how important Windows Server 2008 considers the policy. The order is as follows, from strongest precedence to weakest precedence:
1. GPO linked to an OU
2. GPO linked to a domain
3. GPO linked to a site
4. Local GPO for a specific user
5. Local GPO for administrators/nonadministrators
6. Local GPO for a local group policy
And, in the case where two policies are overlapping, the policy with the strongest precedence is declared the winner and is applied.
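The two lists above describe the same mechanism from opposite ends: the level applied last is the one with the strongest precedence. The following added example (not from the original text) models that default behaviour as a last-writer-wins resolver so you can see which GPO supplies each effective setting; the level keys, GPO names, setting names and values are all constructed for illustration.

```python
# Application order described above: each later level overwrites earlier ones.
# The three local layers are placed weakest-first, per the precedence list.
APPLY_ORDER = [
    "local_policy",          # local group policy
    "local_admin_nonadmin",  # local GPO for administrators/nonadministrators
    "local_user",            # local GPO for a specific user
    "site",
    "domain",
    "ou",
]

# Constructed sample: GPO names, setting names and values are illustrative only.
SAMPLE_GPOS = [
    ("ou", "Workstations-OU-GPO", {"screensaver_timeout": 300}),
    ("local_policy", "Local-Computer-Policy",
     {"screensaver_timeout": 900, "logon_banner": "local"}),
    ("site", "HQ-Site-GPO", {"block_removable_storage": True}),
    ("domain", "Default-Domain-GPO",
     {"screensaver_timeout": 600, "logon_banner": "corp"}),
]


def resolve(gpos):
    """Return {setting: {"value", "gpo", "level", "overridden"}} after applying
    every GPO in APPLY_ORDER, so the last writer of a setting is the winner."""
    rank = {level: i for i, level in enumerate(APPLY_ORDER)}
    for level, name, _ in gpos:
        if level not in rank:
            raise ValueError(f"unknown level {level!r} for GPO {name!r}")
    effective = {}
    # sorted() is stable: GPOs at the same level keep their input order.
    for level, name, settings in sorted(gpos, key=lambda g: rank[g[0]]):
        for key, value in settings.items():
            prev = effective.get(key)
            lost = prev["overridden"] + [(prev["gpo"], prev["value"])] if prev else []
            effective[key] = {"value": value, "gpo": name,
                              "level": level, "overridden": lost}
    return effective


if __name__ == "__main__":
    for setting, win in sorted(resolve(SAMPLE_GPOS).items()):
        print(f"{setting} = {win['value']!r} from {win['gpo']} ({win['level']})")
        for gpo, value in win["overridden"]:
            print(f"    overrode {gpo}: {value!r}")
```

The `overridden` list is the useful part when troubleshooting: it shows every weaker GPO that tried to set the same value and lost.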